CAS

Authentication	Users	Password
✔

Presentation

LL::NG can delegate authentication to a CAS server. This requires Perl CAS module.

LL::NG can also act as CAS server, that allows one to interconnect two LL::NG systems.

LL::NG can also request proxy tickets for its protected services. Proxy tickets will be collected at authentication phase and stored in user session under the form:

_casPTserviceID = Proxy ticket value

They can then be forwarded to applications trough HTTP headers.

CAS authentication will automatically add a logout forward rule on CAS server logout URL in order to close CAS session on LL::NG logout.

Perl-CAS module installation

Download the latest version:

wget https://sourcesup.cru.fr/frs/download.php/2476/AuthCAS-1.4.tar.gz

Extract and build the module:

tar zxvf AuthCAS-1.4.tar.gz 
cd AuthCAS-1.4/
perl Makefile.PL
make
make test

Install the module:

sudo make install

Configuration

In Manager, go in General Parameters > Authentication modules and choose CAS for authentication.

You can then choose any other module for users and password.

Then, go in CAS parameters:

Authentication level: authentication level for this module.
Server URL: CAS server URL (must use https://)
CA file: CA certificate used to validate CAS server certificate
Renew authentication: force authentication renewal on CAS server
Gateways authentication: force transparent authentication on CAS server
PGT file: temporary file where proxy tickets are stored (by default, /tmp/pgt.txt)
Proxied services: list of services for which a proxy ticket is requested:
- Key: Service ID
- Value Service URL (CAS service identifier)

If no proxied services defined, CAS authentication will not activate the CAS proxy mode.

If you activate proxy mode, you must create the PGT file on your system, for example:

touch /tmp/pgt.txt

Table of Contents

CAS

Presentation

Perl-CAS module installation

Configuration